SB2022030857 - Multiple vulnerabilities in MediaTek chipsets
Published: March 8, 2022 Updated: March 7, 2023
Description
This security bulletin contains information about 13 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-20047)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the video decoder. A remote attacker can trick the victim into opening a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2022-20048)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the media decoder. A remote attacker can trick the victim into opening a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20053)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a missing permissions check in the ims service. A local application can execute arbitrary code with elevated privileges.
4) Improper Access Control (CVE-ID: CVE-2022-20049)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing permission check within vpu. A local privileged application can execute arbitrary code.
5) UNIX Symbolic Link (Symlink) Following (CVE-ID: CVE-2022-20050)
CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper link resolution within connsyslogger. A local privileged application can execute arbitrary code.
6) Incorrect Privilege Assignment (CVE-ID: CVE-2022-20051)
CWE-ID: CWE-266 - Incorrect Privilege Assignment
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause service disruption.
The vulnerability exists due to incorrect privilege assignment within the ims service. A local application can cause service disruption.
7) Missing Authorization (CVE-ID: CVE-2022-20054)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing permission check within the ims service. A local application can execute arbitrary code.
8) Out-of-bounds write (CVE-ID: CVE-2022-20055)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within the preloader (usb). A local application can execute arbitrary code.
9) Out-of-bounds write (CVE-ID: CVE-2022-20056)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within the preloader (usb). A local application can execute arbitrary code.
10) Detection of error condition without action (CVE-ID: CVE-2022-20057)
CWE-ID: CWE-390 - Detection of error condition without action
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to incorrect error handling within btif. A local privileged application can execute arbitrary code.
11) Out-of-bounds write (CVE-ID: CVE-2022-20058)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within the preloader (usb). A local application can execute arbitrary code.
12) Out-of-bounds write (CVE-ID: CVE-2022-20059)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within the preloader (usb). A local application can execute arbitrary code.
13) Improper Authorization (CVE-ID: CVE-2022-20060)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to escalate privileges on the device.
The vulnerability exists due to missing proper image authentication within the preloader (usb). An attacker with physical access to the device can execute arbitrary code.
Remediation
Install the update from the vendor's website.